General
-
Target
FYI Jan2021.js
-
Size
179KB
-
Sample
210113-mrlp5d344x
-
MD5
cc6b06080d6ed3d480da394b0ed1c502
-
SHA1
5a5842f4441de74004240970524830ef82ecc0db
-
SHA256
b6f981e71a5ae535ab355f72ace1b43a1242a9a80c8472868b10b56273d9ecf1
-
SHA512
f97e556ff60622c8ae5843285f2365b0be975c9d9a04c413dafdabfbe9a7bc293a3cb455ba3d14a1fd09fe8e35ddaf7f40a94f9c5a173f9a7475171d02b83392
Score
8/10
Malware Config
Targets
-
-
Target
FYI Jan2021.js
-
Size
179KB
-
MD5
cc6b06080d6ed3d480da394b0ed1c502
-
SHA1
5a5842f4441de74004240970524830ef82ecc0db
-
SHA256
b6f981e71a5ae535ab355f72ace1b43a1242a9a80c8472868b10b56273d9ecf1
-
SHA512
f97e556ff60622c8ae5843285f2365b0be975c9d9a04c413dafdabfbe9a7bc293a3cb455ba3d14a1fd09fe8e35ddaf7f40a94f9c5a173f9a7475171d02b83392
Score8/10-
Blocklisted process makes network request
-
Drops startup file
-
Adds Run key to start application
-
JavaScript code in executable
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-